Use Case, Background:
I have a customer that has users that don't change their passwords as often as they would like in Online. Therefore they would like to be able to identify users that haven't changed their password for a specific period.
I know this could be elegantly solved using an Azure AD federated login and that has been discussed and is something that we might go for later on, but not right now. :)
- Is there any log or entity that could be watched that identifies if a user has executed a change of the password?
- Is this kind of event logged in the TravelTransaction-table?
- I haven't analysed the workflow of changing a user password, so I haven't identified exactly which entities are involved and changed/created yet.
- I assume that it is the credential rows of the credentialType "CentralSuperIdCredential" that are "password"-rows (given an Online environment where all accounts are converted to a SuperID-account), even though the password is actually saved in SO's internal repository for SuperID-accounts.
- But I assume that the password is seen as a credential entity which is saved in the credentials table. So I assume that something could be watched there.
- Will the field "updated" be set when a password is changed for that SuperId?
- Or will a new credential be created instead?
- Is there any trigger that could be watched and acted on (Online)? Like a Before/AfterEditAssociate or something.